The Dutch privacy watchdog, the Dutch Data Protection Authority (AP) has received a big slap on the wrist from Brussels, in a privacy case that is causing a lot of commotion. According to the European Commission, the AP interprets privacy legislation too strictly, hindering entrepreneurship in the European Union.
According to the European Commission, the AP misreads the GDPR data protection law and case law on this. “The strict interpretation by the Dutch regulator constitutes a serious obstacle for companies to process personal data based on a commercial interest, because they should receive permission from every data subject,” the Commission said in a letter to the AP. According to Brussels, the Dutch supervisory authority does not strike the right balance between the right to data protection on the one hand and the freedom of undertaking on the other. The Commission ends the letter with an “invitation” to the AP to change its position.